Add dependabot to periodically refresh dependencies #443

Merged
merged 1 commit into from Jan 11, 2020


cclauss commented Jan 11, 2020

As recommended by @ross at #441 (comment)


ross commented Jan 11, 2020

PR looks fine. Will have to check into whether/how dependabot can be added to the repo under the github org. Not 100% sure on the status of that as it transitions from a 3rd party "preview" app to a first class GitHub thing.


cclauss commented Jan 11, 2020

Does it allow you to light up repos at https://app.dependabot.com ?


ross commented Jan 11, 2020

> Does it allow you to light up repos at https://app.dependabot.com ?

Wasn't sure I'd have enough access to add it to the GitHub org, but looks like I do, at least for this repo.


ross commented Jan 11, 2020

Looks like it's running now with defaults, but from what I can tell it's finding requirements-dev.txt and not requirements.txt. Will see what the PR it opens up looks like when it's finished.


ross commented Jan 11, 2020

Looks like it pulled stuff from both:

[Screenshot: Screen Shot 2020-01-11 at 8 43 17 AM]

ross approved these changes Jan 11, 2020

ross left a comment

Looks like this will mainly set the frequency to weekly rather than daily, which seems preferable. I look forward to the batching support that's been discussed in dependabot issues.

ross merged commit d6fd1d3 into github:master Jan 11, 2020
2 checks passed: ci (2.7), ci (3.7)

ross commented Jan 11, 2020

Recording for posterity:

Applied config from .dependabot/config.yml:

```yaml
---
update_configs:
- directory: "/"
  package_manager: python
  update_schedule: weekly
```

In addition, the following defaults have been applied:

```yaml
---
allowed_updates:
- match:
    update_type: all
    dependency_type: direct
- match:
    update_type: security
    dependency_type: indirect
automerged_updates: []
default_assignees: []
default_labels:
- dependencies
default_reviewers: []
ignored_updates: []
target_branch: master
version_requirement_updates: auto
```
cclauss deleted the cclauss:patch-2 branch Jan 11, 2020
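
The `allowed_updates` defaults recorded above mean that direct dependencies receive every update while indirect ones are only bumped for security fixes. A small model of that filter, added here as an illustration (it is not Dependabot's code and not part of this PR); the `Candidate` structure, the sample package names and the treatment of a missing match key as `all` are assumptions.

```python
# Added example: models how the recorded allowed_updates defaults filter updates.
from typing import NamedTuple

# allowed_updates defaults from the thread, transcribed as Python data.
ALLOWED_UPDATES = [
    {"match": {"update_type": "all", "dependency_type": "direct"}},
    {"match": {"update_type": "security", "dependency_type": "indirect"}},
]

class Candidate(NamedTuple):
    """A pending version bump (hypothetical structure for this example)."""
    name: str
    dependency_type: str  # "direct" or "indirect"
    fixes_advisory: bool  # True when the bump resolves a known advisory

def rule_matches(match, c):
    """A match entry applies only if every condition in it holds."""
    # Assumption: a key missing from the entry behaves like "all".
    dep_type = match.get("dependency_type", "all")
    upd_type = match.get("update_type", "all")
    if dep_type not in ("all", c.dependency_type):
        return False
    if upd_type == "security":
        return c.fixes_advisory
    return upd_type == "all"  # unknown update_type values fail closed

def is_allowed(c, rules=ALLOWED_UPDATES):
    """An update is proposed when at least one rule matches it."""
    return any(rule_matches(r["match"], c) for r in rules)

def triage(candidates, rules=ALLOWED_UPDATES):
    """Split candidates into (proposed, skipped) lists of package names."""
    proposed = [c.name for c in candidates if is_allowed(c, rules)]
    skipped = [c.name for c in candidates if not is_allowed(c, rules)]
    return proposed, skipped

# Constructed sample input; the package names are placeholders.
SAMPLE = [
    Candidate("direct-lib", "direct", False),
    Candidate("direct-lib-with-fix", "direct", True),
    Candidate("transitive-lib", "indirect", False),
    Candidate("transitive-lib-with-fix", "indirect", True),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The skipped list is the part worth reviewing by hand: under these defaults an outdated transitive dependency stays pinned until an advisory is published for it.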

cclauss commented Jan 11, 2020

My sense is that it only keeps open about 10 PRs and then it stops until the next cycle.
